CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-25125 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 2.7.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25123 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25116 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sudipto Link to URL / Post allows Blind SQL Injection. This issue affects Link to URL / Post: from n/a through 1.3.
CVSS: HIGH (7.6) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25104 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25088 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25075 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25074 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25072 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25071 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-24366 |
Description: SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote storage backends. Due to missing sanitization of the client provided `rsync` command, an authenticated remote user can use some options of the rsync command to read or write files with the permissions of the SFTPGo server process. This issue was fixed in version v2.6.5 by checking the client provided arguments. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|